Debian alert: New gftp packages won't display the password
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 084-1 security@debian.org http://www.debian.org/security/ Martin Schulze October 18th, 2001 - -------------------------------------------------------------------------- Package : gftp Vulnerability : Information Retrieval Problem-Type : local unauthorized Information Retrieval Debian-specific: no Stephane Gaudreault told us that version 2.0.6a of gftp displays the password in plain text on the screen within the log window when it is logging into an ftp server. A malicious collegue who is watching the screen could gain access to the users shell on the remote machine. This problem has been fixed by the Security Team in version 2.0.6a-3.2 for the stable Debian GNU/Linux 2.2. We recommend that you upgrade your gftp package. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 2.2 alias potato - ------------------------------------ Source archives: http://security.debian.org/dists/stable/updates/main/source/gftp_2.0.6a.orig.tar.gz MD5 checksum: 8eba39ab947712b46756b4e014b72e8c http://security.debian.org/dists/stable/updates/main/source/gftp_2.0.6a-3.2.diff.gz MD5 checksum: 5b0f8f6b09910a413981fc61fb6cf484 http://security.debian.org/dists/stable/updates/main/source/gftp_2.0.6a-3.2.dsc MD5 checksum: 127b1caeacaf342a6f43cfc995b080d6 Alpha architecture: http://security.debian.org/dists/stable/updates/main/binary-alpha/gftp_2.0.6a-3.2_alpha.deb MD5 checksum: 8df836bc91543dc8387a88e4dd8bbdff ARM architecture: http://security.debian.org/dists/stable/updates/main/binary-arm/gftp_2.0.6a-3.2_arm.deb MD5 checksum: 443740e7141814de14687e8209202275 Intel ia32 architecture: http://security.debian.org/dists/stable/updates/main/binary-i386/gftp_2.0.6a-3.2_i386.deb MD5 checksum: 674adafc20770c71c53a8b44a4959a25 Motorola 680x0 architecture: http://security.debian.org/dists/stable/updates/main/binary-m68k/gftp_2.0.6a-3.2_m68k.deb MD5 checksum: 301a2a4597e2d8b01e6ee2b273647632 PowerPC architecture: http://security.debian.org/dists/stable/updates/main/binary-powerpc/gftp_2.0.6a-3.2_powerpc.deb MD5 checksum: d1a65f1efe034f9462bb7bff35d58d58 Sun Sparc architecture: http://security.debian.org/dists/stable/updates/main/binary-sparc/gftp_2.0.6a-3.2_sparc.deb MD5 checksum: 630a9b18ff29b6a21778dd9dff9a7b9d These files will be moved into the stable distribution on its next revision. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7zzx9W5ql+IAeqTIRAo6GAJ0fdKT77BqyVTn5anub8vpFo+A5+gCbBkAG nACBEkSWz+TRIH/VnaxsHqg= =E1XF -----END PGP SIGNATURE----- |
|
This topic does not have any threads posted yet!
You cannot post until you login.